[NT] Vulnerabilities in GDI+ Allow Code Execution (MS08-052)



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Vulnerabilities in GDI+ Allow Code Execution (MS08-052)
------------------------------------------------------------------------


SUMMARY

This security update resolves several privately reported vulnerabilities
in Microsoft Windows GDI+. These vulnerabilities could allow remote code
execution if a user viewed a specially crafted image file using affected
software or browsed a Web site that contains specially crafted content.
Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with administrative
user rights.

This security update is rated Critical for all supported editions of
Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008,
Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft
Windows 2000 Service Pack 4, Microsoft Digital Image Suite 2006, SQL
Server 2000 Reporting Services Service Pack 2, all supported editions of
SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1
Redistributable Package, and Microsoft Report Viewer 2008 Redistributable
Package.

This security update is rated Important for all supported editions of
Microsoft Office XP, Microsoft Office 2003, 2007 Microsoft Office System,
Microsoft Visio 2002, Microsoft Office PowerPoint Viewer 2003, Microsoft
Works 8, and Microsoft Forefront Client Security 1.0. For more
information, see the subsection, Affected and Non-Affected Software, in
this section.

DETAILS

Affected Software:
Windows Operating System and Components
* Windows XP Service Pack 2 and Windows XP Service Pack 3 - Not
applicable - Remote Code Execution - Critical - None
* Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2 - Not applicable - Remote Code Execution - Critical
- None
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack
2 - Not applicable - Remote Code Execution - Critical - None
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2 - Not applicable - Remote Code Execution - Critical - None
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems - Not applicable - Remote
Code Execution - Critical - None
* Windows Vista and Windows Vista Service Pack 1 - Not applicable -
Remote Code Execution - Critical - None
* Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
- Not applicable - Remote Code Execution - Critical - None
* Windows Server 2008 for 32-bit Systems* - Not applicable - Remote Code
Execution - Critical - None
* Windows Server 2008 for x64-based Systems* - Not applicable - Remote
Code Execution - Critical - None
* Windows Server 2008 for Itanium-based Systems - Not applicable - Remote
Code Execution - Critical - None

Internet Explorer 6
* Microsoft Windows 2000 Service Pack 4 - Microsoft Internet Explorer 6
Service Pack 1 (KB938464) - Remote Code Execution - Critical - MS07-050

Microsoft .NET Framework
* Microsoft Windows 2000 Service Pack 4
o Microsoft .NET Framework 1.0 Service Pack 3 (KB947739)
o Microsoft .NET Framework 1.1 Service Pack 1 (KB947742)
o Microsoft .NET Framework 2.0 (KB947746)
o Microsoft .NET Framework 2.0 Service Pack 1 (KB947748)

*Windows Server 2008 Server Core installation not affected. The
vulnerabilities addressed by this update do not affect supported editions
of Windows Server 2008 if Windows Server 2008 was installed using the
Server Core installation option, even though the files affected by these
vulnerabilities may be present on the system. However, users with the
affected files will still be offered this update because the update files
are newer (with higher version numbers) than the files that are currently
on your system. For more information on this installation option, see
Server Core. Note that the Server Core installation option does not apply
to certain editions of Windows Server 2008; see Compare Server Core
Installation Options.

Microsoft Office
* Microsoft Office XP Service Pack 3 (KB953405) - Remote Code Execution -
Important - MS04-028
* Microsoft Office 2003 Service Pack 2 (KB954478) - Remote Code Execution
- Important - None
* Microsoft Office 2003 Service Pack 3 (KB954478) - Remote Code Execution
- Important - None
* 2007 Microsoft Office System (KB954326) - Remote Code Execution -
Important - None
* 2007 Microsoft Office System Service Pack 1 (KB954326) - Remote Code
Execution - Important - None

Other Office Software
* Microsoft Visio 2002 Service Pack 2 (KB954479) - Remote Code Execution -
Important - MS08-019
* Microsoft Office PowerPoint Viewer 2003 (KB956500) - Remote Code
Execution - Important - MS08-051
* Microsoft Works 8 (KB956483) - Remote Code Execution - Important -
MS08-044
* Microsoft Digital Image Suite 2006 (KB955992) - Remote Code Execution -
Critical - None

Note: Office Communicator 2005 and Office Communicator 2007 distribute a
copy of gdiplus.dll that contains the affected code. However, Microsoft's
analysis has shown that there are no reliable attack vectors exposed in
these products.
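
Because several products in this list ship their own copy of gdiplus.dll and are patched by separate KB packages, an inventory of every copy on a host shows which updates still need to be applied. The following PowerShell is an added example, not part of the Microsoft bulletin; the function name Get-GdiPlusCopy and the default search roots are assumptions, and the bulletin text above gives no file versions, so the output has to be compared against the file information published with each update.

```powershell
# Added example (not from the bulletin): list every gdiplus.dll under the given roots.
# Get-GdiPlusCopy is a hypothetical helper name; the default roots are an assumption.
function Get-GdiPlusCopy {
    param(
        [string[]]$Root = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)})
    )

    # Drop roots that are unset or missing (for example on 32-bit Windows).
    $existing = @($Root |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
        Select-Object -Unique)
    if ($existing.Count -eq 0) { return }

    Get-ChildItem -LiteralPath $existing -Filter 'gdiplus.dll' -Recurse -File `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from the numeric fields; the FileVersion
            # string can carry extra text that does not parse as a version.
            $version = New-Object System.Version `
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
            # Copies outside the Windows directory belong to an application
            # and are serviced by that product's own update package.
            $underWindows = $_.FullName.StartsWith(
                $env:SystemRoot, [System.StringComparison]::OrdinalIgnoreCase)
            [pscustomobject]@{
                Version   = $version
                Scope     = if ($underWindows) { 'Windows' } else { 'Application' }
                Product   = $vi.ProductName
                LastWrite = $_.LastWriteTimeUtc
                Path      = $_.FullName
            }
        }
}

# Application-bundled copies first, oldest version at the top of each group.
Get-GdiPlusCopy |
    Sort-Object Scope, Version, Path |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that protected directories are readable; directories that cannot be read are skipped silently.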

Microsoft SQL Server
* Not applicable - SQL Server 2000 Reporting Services Service Pack 2
(KB954609) - Remote Code Execution - Critical - None
* SQL Server 2005 Service Pack 2 (KB954606) - SQL Server 2005 Service
Pack 2 (KB954607) - Remote Code Execution - Critical - MS08-040
* SQL Server 2005 x64 Edition Service Pack 2 (KB954606) - SQL Server 2005
x64 Edition Service Pack 2 (KB954607) - Remote Code Execution - Critical -
MS08-040
* SQL Server 2005 for Itanium-based Systems Service Pack 2 (KB954606) -
SQL Server 2005 for Itanium-based Systems Service Pack 2 (KB954607) -
Remote Code Execution - Critical - MS08-040

Developer Tools
* Microsoft Visual Studio .NET 2002 Service Pack 1 (KB947736) - None -
None - None
* Microsoft Visual Studio .NET 2003 Service Pack 1 (KB947737) - None -
None - None
* Microsoft Visual Studio 2005 Service Pack 1 (KB947738) - None - None -
None
* Microsoft Visual Studio 2008 (KB952241) - None - None - None
* Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package
(KB954765) - Remote Code Execution - Critical - None
* Microsoft Report Viewer 2008 Redistributable Package (KB954766) -
Remote Code Execution - Critical - None
* Microsoft Visual FoxPro 8.0 Service Pack 1 when installed on Microsoft
Windows 2000 Service Pack 4 (KB955368) - None - None - None
* Microsoft Visual FoxPro 9.0 Service Pack 1 when installed on Microsoft
Windows 2000 Service Pack 4 (KB955369) - None - None - None
* Microsoft Visual FoxPro 9.0 Service Pack 2 when installed on Microsoft
Windows 2000 Service Pack 4 (KB955370) - None - None - None
* Microsoft Platform SDK Redistributable: GDI+ - None - None - MS04-028

Security Software
* Microsoft Forefront Client Security 1.0 when installed on Microsoft
Windows 2000 Service Pack 4 (KB957177) - Remote Code Execution - Important
- None

Non-Affected Software:
* Microsoft Windows 2000 Service Pack 4

* Microsoft Windows 2000 Service Pack 4
o Microsoft Internet Explorer 5.01 Service Pack 4
o Windows Messenger 5.1

* Windows XP Service Pack 2 and Windows XP Service Pack 3
o Microsoft Internet Explorer 6
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
o Windows Messenger 5.1

* Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2
o Microsoft Internet Explorer 6
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
o Windows Messenger 5.1

* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack
2
o Microsoft Internet Explorer 6
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
o Windows Messenger 5.1

* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2
o Microsoft Internet Explorer 6
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
o Windows Messenger 5.1

* Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems
o Microsoft Internet Explorer 6
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7

* Windows Vista and Windows Vista Service Pack 1
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7

* Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7

* Windows Server 2008 for 32-bit Systems
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7

* Windows Server 2008 for x64-based Systems
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7

* Windows Server 2008 for Itanium-based Systems
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7

Microsoft Office Suites
* Microsoft Office 2000 Service Pack 3

Other Office Software
* Microsoft Office Viewer 2003 and Microsoft Office Viewer 2003 Service
Pack 3 for Excel, PowerPoint, Word, and Visio
* Microsoft Office Viewer 2007 and Microsoft Office Viewer 2007 Service
Pack 1 for Excel, PowerPoint, Word, and Visio
* Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats and Microsoft Office Compatibility Pack for Word, Excel,
and PowerPoint 2007 File Formats Service Pack 1
* Microsoft Visio 2003 Service Pack 2
* Microsoft Visio 2003 Service Pack 3
* Microsoft Visio 2007
* Microsoft Visio 2007 Service Pack 1
* Microsoft Visio 2002 Viewer
* Microsoft Visio 2003 Viewer
* Microsoft Visio 2007 Viewer
* Microsoft Visio 2007 Viewer Service Pack 1
* Microsoft Office PowerPoint Viewer 2007 and Microsoft Office PowerPoint
Viewer 2007 Service Pack 1
* Microsoft Office SharePoint Server 2007
* Microsoft Office SharePoint Server 2007 Service Pack 1
* Microsoft Works 9.0
* Microsoft Works Suite 2005
* Microsoft Works Suite 2006
* Microsoft Office 2004 for Mac
* Microsoft Office 2008 for Mac

Microsoft SQL Server
* SQL Server 7.0 Service Pack 4
* SQL Server 2000 Service Pack 4
* SQL Server 2000 Itanium-based Edition Service Pack 4
* Microsoft Data Engine (MSDE) 1.0
* Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
* Microsoft SQL Server 2005 Express Edition Service Pack 2

Developer Tools
* Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package
* Microsoft Report Viewer 2008 Redistributable Package

GDI+ VML Buffer Overrun Vulnerability - CVE-2007-5348
A remote code execution vulnerability exists in the way that GDI+ handles
gradient sizes. The vulnerability could allow remote code execution if a
user browses to a Web site that contains specially crafted content. An
attacker who successfully exploited this vulnerability could take complete
control of an affected system. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user
rights. Users whose accounts are configured to have fewer user rights on
the system could be less impacted than users who operate with
administrative user rights.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5348>
CVE-2007-5348

GDI+ EMF Memory Corruption Vulnerability - CVE-2008-3012
A remote code execution vulnerability exists in the way that GDI+ handles
memory allocation. The vulnerability could allow remote code execution if
a user opens a specially crafted EMF image file or browses to a Web site
that contains specially crafted content. An attacker who successfully
exploited this vulnerability could take complete control of an affected
system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. Users whose accounts
are configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3012>
CVE-2008-3012

GDI+ GIF Parsing Vulnerability - CVE-2008-3013
A remote code execution vulnerability exists in the way that GDI+ parses
GIF images. The vulnerability could allow remote code execution if a user
opens a specially crafted GIF image file or browses to a Web site that
contains specially crafted content. An attacker who successfully exploited
this vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data; or
create new accounts.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3013>
CVE-2008-3013

GDI+ WMF Buffer Overrun Vulnerability - CVE-2008-3014
A remote code execution vulnerability exists in the way that GDI+
allocates memory for WMF image files. The vulnerability could allow remote
code execution if a user opens a specially crafted WMF image file or
browses to a Web site that contains specially crafted content. An attacker
who successfully exploited this vulnerability could take complete control
of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with administrative
user rights.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3014>
CVE-2008-3014

GDI+ BMP Integer Overflow Vulnerability - CVE-2008-3015
A remote code execution vulnerability exists in the way that GDI+ handles
integer calculations. The vulnerability could allow remote code execution
if a user opens a specially crafted BMP image file. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights. Users whose
accounts are configured to have fewer user rights on the system could be
less impacted than users who operate with administrative user rights.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3015>
CVE-2008-3015


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx


